CVE-2018-6339

{"id": "CVE-2018-6339", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-06-14T17:29:02.003", "references": [{"url": "https://www.facebook.com/security/advisories/cve-2018-6339/", "tags": ["Third Party Advisory"], "source": "cve-assign@fb.com"}, {"url": "https://www.facebook.com/security/advisories/cve-2018-6339/", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cve-assign@fb.com", "description": [{"lang": "en", "value": "CWE-121"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "When receiving calls using WhatsApp on Android, a stack allocation failed to properly account for the amount of data being passed in. An off-by-one error meant that data was written beyond the allocated space on the stack. This issue affects WhatsApp for Android starting in version 2.18.180 and was fixed in version 2.18.295. It also affects WhatsApp Business for Android starting in version v2.18.103 and was fixed in version v2.18.150."}, {"lang": "es", "value": "Cuando se reciben llamadas con WhatsApp en Android, en la asignaci\u00f3n de pila no se considera adecuadamente la cantidad de datos que est\u00e1n pasando. Un error de uno en uno significaba que los datos se escrib\u00edan fuera del espacio asignado en la pila. Este problema afecta a WhatsApp para Android a partir de la versi\u00f3n 2.18.180 y se corrigi\u00f3 en la versi\u00f3n 2.18.295. Tambi\u00e9n afecta a WhatsApp Business para Android a partir de la versi\u00f3n v2.18.103 y se corrigi\u00f3 en la versi\u00f3n v2.18.150."}], "lastModified": "2024-11-21T04:10:30.830", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:business:android:*:*", "vulnerable": true, "matchCriteriaId": "7111B367-98BD-4244-A3F5-661A1DCE43C3", "versionEndExcluding": "2.18.150", "versionStartIncluding": "2.18.103"}, {"criteria": "cpe:2.3:a:whatsapp:whatsapp:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "6AF2CF4A-DE98-48CC-A13A-E168EA4678E6", "versionEndExcluding": "2.18.295", "versionStartIncluding": "2.18.180"}], "operator": "OR"}]}], "sourceIdentifier": "cve-assign@fb.com"}